Gentoo alert: iproute local Denial of Service Vulnerability

Posted by dave on Apr 9, 2004 4:15 AM EDT
Mailing list; By Kurt Lieber <klieber@gentoo.org>
Mail this story
Print this story

The iproute package allows local users to cause a denial of service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200404-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low Title: iproute local Denial of Service vulnerability

Date: April 09, 2004 Bugs: #34294 ID: 200404-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis ========

The iproute package allows local users to cause a denial of service.

Background ==========

iproute is a set of tools for managing linux network routing and advanced features.

Affected packages =================

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- sys-apps/iproute <= 20010824-r4 >= 20010824-r5

Description ===========

It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition.

Impact ======

Local users could cause a Denial of Service.

Workaround ==========

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution ==========

All iproute users should upgrade to version 20010824-r5 or later:

# emerge sync

# emerge -pv ">=sys-apps/iproute-20010824-r5"; # emerge ">=sys-apps/iproute-20010824-r5";

References ==========

[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856

Concerns? =========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [e-mail:security@gentoo.org] or alternatively, you may file a bug at http://bugs.gentoo.org.

Availability ============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200404-10.xml

Copyright/License ================== Copyright 2004 Gentoo Technologies, Inc.

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0
[PARSEASHTML]

  Nav
» Read more about: Story Type: Security; Groups: Gentoo

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.